Facebook says Flash security woes could hurt its business

Earlier this month, a security vulnerability in Adobe Flash compelled Google and Mozilla to temporarily block the plug-in from their browsers. Now, Facebook says the problems with Flash could hurt its bottom line.

In a filing with U.S. regulators on Friday, Facebook said security issues with Flash could harm the revenue it collects from its Payments service. That's because social games on Facebook rely on Flash, and they're also the source for substantially all the revenue it gets from Payments.

The company listed the concern for the first time among the "risk factors" in its quarterly filing. Public companies in the U.S. are required to disclose such risks to investors. It doesn't mean Facebook's revenue from Payments is about to collapse, but it means it's enough of a concern that Facebook felt the need to disclose it.

"In July 2015, certain vulnerabilities discovered in Flash led to temporary interruption of support for Flash by popular web browsers," the company wrote in the filing with the U.S. Securities and Exchange Commission. "If similar interruptions occur in the future and disrupt our ability to provide social games to some or all of our users, our ability to generate Payments revenue would be harmed.

Spokespeople for Facebook and Adobe declined to comment.

Earlier this month, Alex Stamos, Facebook's chief security officer, said on Twitter that Adobe should announce an "end-of-life" date for Flash. The remark drew a lot of attention and has been re-tweeted more than 2,400 times.

One reason Facebook hasn't ended support for Flash is the large number of developers still creating games with it, said Jerome Segura, senior security researcher at Malwarebytes Labs, a division of the Internet security vendor.

"There are people in the gaming industry who are still very attached to Flash," he said.

Flash is still widely used in web browsers, though sites are increasingly supporting alternatives like JavaScript and HTML 5. Besides Flash, Facebook also supports HTML and Unity on the desktop.

Copyright 2016 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.